Concerns about data collection and reporting tools Microsoft was embedded in Windows 10 has reportedly lead a number of top torrent trackers to ban users of Windows 10 from their services. While there are some amorphous concerns about a potential "piracy kill switch" Microsoft could trigger, there are concrete concerns about the level of information Windows 10 collects from installed systems and delivers to Microsoft. The debugging and performance related information collected by Microsoft presents a serious threat to the security of the torrent trackers as well as peers who connect to Windows 10 users in torrent swarms. Continue reading
Category Archives: Shitware
Hearn's Blacklist Shenanigans
Qntra and others have been detailing potential ulterior motives for the push for an XT hard fork. Populist support for "Bitcoin"XT tends to ignore code that has not been well publicized or that they find inconvenient to acknowledge. The code in question relates to the deanonymization of XT nodes running on Tor and the blacklisting of Tor exit addresses. This is achieved through an IP address blacklist of nodes which "misbehave" and checked daily against a list of nodes maintained by Mike Hearn which the XT client dutifully fetches. Continue reading
Ashley Madison and Established Men Experience Data Liberation
In a PGP-signed statement,1 a group of freedom fighters2 known only as "The Impact Team" followed up on their promise to release the database of user information that they rightfully obtained from Avid Life Media's Ashley Madison, a popular dating website dedicated to fostering extramarital relations, and Established Men, a website dedicated to pairing up beautiful young women with successful older men. Continue reading
-
Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.
Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world's biggest affair site, but never had one. He just tried to. If that distinction matters.
Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it.
Any data not signed with key 6E50 3F39 BA6A EAAD D81D ECFF 2437 3CD5 74AB AA38 is fake.
Naturally, the woefully incompetent Avid Life Media Chief Executive Officer Noel Biderman called the group "cyber-terrorists," very much in the same vein as Darkode or The Pirate Bay Four, but this is no more genuine than the marketplace thief who bumps into you, steals your wallet out of your pocket in broad daylight, and then screams "THIEF!" at you before he ducks into the shadows with your ID and money. ↩
Coinwallet Plans Spam While the Spamming is Cheap
Last month a venture calling itself "Coinwallet" flooded the Bitcoin network with spam in what the company called a "stress test." The spam delayed underpaying transactions without fees insufficient to secure space to be confirmed in a block resulting in a scenario where a fee market for block space could develop. A Coinwallet representative recently stated the company will be performing another stress test in early September, claiming there will close to 4.6 GB worth of spam that will flood the network. Continue reading
Hearn Releases Code to Potentially Fork XTC from Bitcoin
This weekend Mike Hearn announced the release of a version of his BitcoinXT client which would hard fork a new altcoin referred to here as XTCoin from the Bitcoin network. Should enough blocks be mined which profess to contain a vote to trigger Hearn's XTCoin fork, the XTCoin blockchain would split from the Bitcoin Blockchain an allow blocks to be mined at a maximum size of 8 megabytes each growing exponentially to a maximum size of 8 gigabytes 20 years after XTCoin forks should XTCoin somehow manage to keep enough hashpower to continue producing new blocks over the entire span of time. As mentioned in the Hard Fork Missile Crisis XTCoin, like any other altcoin forked from Bitcoin and fraudulently misrepresenting itself as Bitcoin would come under devastating economic attack which would almost certainly render further mining on the XTCoin chain a costly money losing endeavor. Continue reading
Microsoft Issues Third Generation Anti-Stuxnet Patch
Back in March Microsoft issued its second generation of patch which was intended to close a privilege escalation vulnerability used to spread the Stuxnet malware closing a portion of the vulnerability that remained after the original patch in 2010. In a bulletin today Microsoft has announced yet another iteration of the patch (archived) to close this bug as the March patch still maintained sufficient attack surface for this vulnerability to continue being exploited. Microsoft also released a tool for logging attempts to exploit this vulnerability as well as a warning that installing any new language packs after applying this patch will negate any protective effects this patch is purported to have. Windows versions including the new "Windows 10" are effected by this continuing vulnerability.
Copay Multisig Vulnerability Reported
Coinspect has reported the existence of a bug in the Copay multi-signature Bitcoin wallet produced by BitPay. In affected versions of Copay the vulnerability allowed the compromise of one party to empty the shared wallet by submitting a transaction type which would exploit the protocol used by Copay wallets to automatically sign transactions. Coinspect alleges that after reporting the flaw to BitPay on July 20th the flaw was fixed in Copay version 0.4.1 for this particular exploit scenario. Given the nature of this exploit Qntra advises users considering Copay or any multisignature scheme which involves any protocol for automatically engaging additional signers to use extreme caution recommending potential users default to avoiding the shitware involved entirely on first principles. If you trust keys to software that could automatically sign a transaction it could be tricked just as readily into signing a confession.
Zynga Continues Bleeding
A recent filing (archived) with the United States Securities and Exchange Commission show that one once hyped Facebook centric "game" maker Zynga is continuing to bleed both users and money. Zynga has lost more than 73 million United States dollars since the beginning of 2015. From 2012 through the close of 2014 Zynga has lost roughly 472 million United States dollars. Average monthly users of Zynga's products was reported to have fallen from 121 million in 2014's second quarter to 83 million the second quarter of this year, a decline of 32 percent. In spite of Zynga's hemorrhaging wallet and shrinking userbase shares still manage to trade on Nasdaq (archived) at $2.64 per share implying a market cap of $2,072,302,357 on a earnings per share of negative 19 cents.
OS X Flaw in the Wild Abuses Error Logging Function to Edit sudoers
Malwarebytes reports (archived) that a vulnerability in Apple's latest version of OS X which was reported to exist last month on Stefan Esser's blog (archived) is now appearing on malware in the wild. The flaw came into being through a new feature introduced into the OS X dynamic linker dyld. The new feature allows the linker to log error output to any file on the system without the safety or sanity checks implemented in even "hobbyist" developed Unix systems. Malwarebytes only noticed the flaw being actively exploited because a particular piece of adware had edited the sudoers file on a testing environment while examining the malware. The severity of the flaw though is such that when triggered it can edit any file on the affected machine including executable system files. Esser originally reported this flaw on July 7th, 2015 and Apple has yet to release a patch. On the other hand Esser has published a source code patch on his own which lessens this flaw though it is hard to determine how this patch will interact with possible future updates from Apple.
UK's Cameron Threatens Online Porn Shutdown Unless Online ID Scheme Implemented
Last week United Kingdom prime minister David Cameron issued an ultimatum (archived) directed at internet porn sites demanding they voluntarily produce an "effective" regime for restricting access based on age or he would act legislatively to either force such a scheme or shut them down. Of course "effective" age filters would necessarily mean the creation of a larger online identity regime. The United Kingdom already forces Internet Service Providers to filter internet connections to block pornography unless service subscribers explicitly opt out of the filtering. Further the United Kingdom late last year restricted the kinds of sex acts which may be included in pornography produced in the United Kingdom for online Video on Demand consumption. Continue reading